General
Target: LaucnhBHF.exe
Size: 10.5MB
Sample: 240630-tdzh5azgmb
MD5: 7ff316af4c42e8c8f863a7b0f1b49367
SHA1: afb05fa67dd8ce1c95161a18b336f36ba447813a
SHA256: c5c4cbdb1274364171277919e06558417737b041d163678713d9316fc70f4825
SHA512: 957522ca84ec470d9f8f433253ce10ad7da51c4247560cefaf631281ac7a68e2c9adec8887d526fe71f5eee832e0a1442eaacc03563ea4f059ea219061ec3bc1
SSDEEP: 24576:MNZQnEK4hZpx3mUDxBOIUin2RlZeXTQfEZwYbS9DEr:8cEK+px3hDxBOISBfEZvkc
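The hashes above are the identifiers you use to confirm that a file on your own disk is the same object this report describes. The following is an added example, not part of the sandbox report: a small stdlib-only Python helper that computes MD5, SHA1, SHA256 and SHA512 in a single pass over the file and compares them with the report's values (the report's hashes are embedded as REPORT_HASHES; the constructed inputs in the usage block are illustrative only). The SSDEEP fuzzy hash is deliberately not reproduced here because it needs a third-party library; the cryptographic digests are what you should match exactly, and a single mismatching digest means you do not have this sample.

```python
import hashlib
import sys

# Hashes exactly as listed in the sandbox report for LaucnhBHF.exe.
REPORT_HASHES = {
    "md5": "7ff316af4c42e8c8f863a7b0f1b49367",
    "sha1": "afb05fa67dd8ce1c95161a18b336f36ba447813a",
    "sha256": "c5c4cbdb1274364171277919e06558417737b041d163678713d9316fc70f4825",
    "sha512": (
        "957522ca84ec470d9f8f433253ce10ad7da51c4247560cefaf631281ac7a68e2"
        "c9adec8887d526fe71f5eee832e0a1442eaacc03563ea4f059ea219061ec3bc1"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks):
    """Feed an iterable of byte chunks through all four hashers at once.

    Returns a dict with one lowercase hex digest per algorithm plus the
    total number of bytes seen, so the caller can also sanity-check size.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data: bytes):
    """Digest an in-memory byte string (handy for tests and small inputs)."""
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20):
    """Digest a file in 1 MiB chunks so a 10 MB sample is never fully loaded."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare_with_report(digests, report=REPORT_HASHES):
    """Per-algorithm match table; comparison is case-insensitive on hex."""
    return {name: digests[name].lower() == report[name].lower() for name in report}


def is_report_sample(digests, report=REPORT_HASHES) -> bool:
    """True only when every digest in the report matches."""
    return all(compare_with_report(digests, report).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspected-LaucnhBHF.exe>
    # (the file path is supplied by the operator; nothing here is fetched).
    d = digest_file(sys.argv[1])
    for name, ok in compare_with_report(d).items():
        print(f"{name:6} {'MATCH' if ok else 'MISMATCH'} {d[name]}")
    print("size", d["size"], "bytes")
    sys.exit(0 if is_report_sample(d) else 1)
```

Hashing once with all four algorithms avoids re-reading a large sample for each digest, and returning the match table rather than a bare boolean lets you see which identifier diverged when a file turns out to be a repacked or truncated variant rather than the exact object the sandbox ran.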
Static task: static1
Behavioral task: behavioral1
Sample: LaucnhBHF.exe
Resource: win10v2004-20240508-en
Malware Config
Targets
Target: LaucnhBHF.exe
Size: 10.5MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: looks up the country code configured in the registry, most likely as a geofence check.
- Executes dropped EXE